Skip to main content

serviceAccount

Fetch a single service account by id. Requires organization_admin permissions.

serviceAccount(
  organizationId: ID!
  id: UUID!
): ServiceAccount

Arguments

serviceAccount.organizationId ● ID! non-null scalar {#organization-id}

Your organization's unique identifier.

serviceAccount.id ● UUID! non-null scalar {#id}

The service account's unique identifier.

Type

ServiceAccount object

A non-human identity for programmatic API access.

Service accounts let you integrate CI/CD pipelines, scripts, and external tools with the Massdriver API. They authenticate using access tokens — issue one with createAccessToken and pass it as a bearer token on API requests.

Permissions — Service accounts have no inherent permissions. Add them to groups to grant access, using the same role model as human users. A service account in the Admins group has the same access as a human admin.

Lifecycle:

  1. Create the service account.
  2. Add the service account to one or more groups to grant access.
  3. Issue one or more access tokens for the service account via createAccessToken. The raw token value is only shown once at creation — store it securely before navigating away.
  4. Delete the service account when it is no longer needed. This immediately revokes all access, including any active access tokens.